What is Email spam?

Email spam, also known as unsolicited bulk email (UBE), junk mail, or unsolicited commercial email (UCE), is the practice of sending unwanted email messages, frequently with commercial content, in large quantities to an indiscriminate set of recipients. Email spam is a subset of electronic spam.

The messages may contain disguised links that appear to be for familiar websites but in fact lead to phishing web sites or sites that are hosting malware.
Spam email may also include malware as scripts or other executable file attachments.

Increasingly, email spam today is sent via „zombie networks“, networks of virus- or worm-infected personal computers in homes and offices around the globe. Many modern worms install a backdoor that allows the spammer to access the computer and use it for malicious purposes. This complicates attempts to control the spread of spam, as in many cases the spam does not obviously originate from the spammer.

Definitions of spam usually include the aspects that email is unsolicited and sent in bulk.

The opposite of „spam“, email which one wants, is sometimes called „ham“.

email spam in the inbox

Email spam and its various forms

Unsolicited commercial email (UCE) – spam promoting a commercial service or product

This is the most common type of email spam, but it excludes email scam, phishing and other forms of email fraud, spams that are hoaxes (e.g. virus warnings), political advocacy, religious messages and chain letters.
It is sent from actual businesses who want to generate sales by promoting their products and services via email to people who did not sign up (opt-in) directly to receive email from them.

Unsolicited Commercial Email spam is the least threatening. It is not malicious in nature and is technically legal but does not embrace the best practices of permission-based, opt-in email marketing.

Email scam

Email scam is an unsolicited email that claims the prospect of a bargain or something for nothing. Some scam messages ask for business, others invite victims to a website with a detailed pitch. Email scam is a form of email fraud.
The list of email scams is long enough to mention all of them: Advance-fee fraud, Lottery programs, International money transfer, Investment schemes, Online dating, Phishing, Emotional scam, Job scam and so on.

Phishing and spear-phishing fraud email

Phishing fraud email spam attempts to scam users into entering personal information (credit card number or other sensitive data) on fake web sites using emails forged to look like they are from a known company, brand, bank or financial institution, such as PayPal.
This type of spam is fraudulent, mis-representative and potentially damaging to the recipient. It is cleverly disguised and at first glance actually appear to be from the institution that they are masking.

Targeted phishing, where known information about the recipient is used to create forged emails, is known as spear-phishing.

Virus and Malware email spam

The objective of virus spam is to spread computer viruses and malicious software (malware) across networks via email.
This type of email spam will include an attachment or a link to a file that will trigger some virus or malware to install to the recipients computer when the attachment is opened or the link visited.

Spamvertising

Spamvertising (from words „spam“ and „advertising“) is the practice of sending e-mail spam, advertising a website which sells products or services including illegal ones (grey or black market goods). Viagra, Replica watch, Weight loss, Pornography and many more. Usually spam falls into the following categories:

Adult content – this category of email spam includes offers for products designed to increase or enhance sexual potency, links to dating agencies and porn sites or advertisements for pornography etc.

Health and Medicine – this category includes advertisements for weight loss, skin care, posture improvement, cures for baldness, dietary supplements and non-traditional medication etc. which can all be bought on-line.

Computers, Software, Internet – spam messages include offers for low-priced hardware and software as well as services for website owners such as hosting, domain registration, website optimization and so forth.

Personal finance – spam which falls into this category offers insurance, debt reduction services, loans with low interest rates etc.

Education – this category includes offers for seminars, training and online degrees.

Spam techniques

Spammers collect email addresses from chatrooms, websites, customer lists, newsgroups, and viruses which harvest users’ address books, and are sold to other spammers. They also use a practice known as „email appending“ to search for the target’s email address.

Email appending

Email appending, also known as e-appending, is a marketing practice that involves taking known customer data (first name, last name, and postal address) and matching it against a vendor’s database to obtain email addresses. The purpose is to grow one’s email subscriber list with the intent of sending customers information via email instead of through traditional mail.
The success of email appending depends on the quality of both databases being merged.

Image-based spam

Image spam is a kind of email spam where the textual spam message is embedded into images, that are then attached to spam emails. The goal of image spam is clearly to circumvent the analysis of the email’s textual content performed by most of the spam filters.

Blank email spam

Blank email spam is spam lacking a payload advertisement. Often the message body is missing altogether, as well as the subject line.
Such spam may be originated intentionally, for example it can have been sent in a directory harvest attack for gathering valid email addresses from an email service provider (and to separate invalid ones).
Some spam may appear to be blank when in fact it is not. An example of this is the VBS.Davinia.B email worm which propagates through messages that have no subject line and appears blank, when in fact it uses HTML code to download other files.

Nonsensical email spam

Nonsensical email spam includes those email messages which don’t appear to have any rationale whatsoever. Usually they contain only random text. The objective of nonsensical email spam is simply to test anti-spam and content filters so that spammers can more successfully deliver future messages.

Backscatter email

Backscatter (also known as outscatter, misdirected bounces, blowback or collateral spam) is a side-effect of email spam, viruses and worms, where email servers receiving spam and other mail send bounce messages to an innocent party. This occurs because the original message’s envelope sender is forged to contain the email address of the victim. A very large proportion of such email is sent with a forged From: header, matching the envelope sender.

Since these messages were not solicited by the recipients, are substantially similar to each other, and are delivered in bulk quantities, they qualify as unsolicited bulk email or spam. As such, systems that generate email backscatter can end up being listed on various DNSBLs and be in violation of internet service providers’ Terms of Service.

Final words

Spammers may engage in deliberate fraud to send out their messages. Spammers often use false names, addresses, phone numbers, and other contact information to set up „disposable“ accounts at various Internet service providers. They also often use falsified or stolen credit card numbers to pay for these accounts. This allows them to move quickly from one account to the next as the host ISPs discover and shut down each one.

Senders may go to great lengths to conceal the origin of their messages. Large companies may hire another firm to send their messages so that complaints or blocking of email falls on a third party. Others engage in spoofing of email addresses. The email protocol (SMTP) has no authentication by default, so the spammer can pretend to originate a message apparently from any email address.
Spoofing can have serious consequences for legitimate email users. Not only can their email inboxes get clogged up with „undeliverable“ emails in addition to volumes of spam, they can mistakenly be identified as a spammer.

References: Wikipedia, Groupmail, Securelist